Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"virus Alert!"


  • Please log in to reply
5 replies to this topic

#1 dani-lou

dani-lou

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:24 PM

Posted 31 August 2008 - 04:44 PM

Hi Guys,

I've never posted anywhere like this before, so I'm not sure it's even in the right place; but here's hoping!
I've seen a few other threads with the same problem: A message saying "VIRUS ALERT!" is showing in my time box, and also in the "Registered to" section about My Computer properties. Also, the C: drive doesn't display in My Computer, and the Programs option isn't in the start menu. I'm running on XP (SP2 I believe...?!)

Right, I've seen that it's frowned upon to do anything before being told to, so I'm just waiting here a bit helpless to be honest... Any help vastly appreciated. Thank you :thumbsup:

BC AdBot (Login to Remove)

 


#2 dhants20

dhants20

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:08:24 PM

Posted 31 August 2008 - 04:55 PM

This one is really fun to remove, i bet you don't have a task manager, registry and a lot of buttons on the start... unlock those first.

1) on your keyboard press on the windows button and r
2) on the run box type in cmd
3) on the command prompt type in paste this:
taskkill /f /im explorer.exe

SET HK00=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies
SET HK01=HKLM\Software\Microsoft\Windows\CurrentVersion\Policies
SET HK02=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
SET HK03=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
SET HK04=HKEY_CLASSES_ROOT\exefile\shell\open\command
SET HK05=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
SET HK06=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState
SET HK07=HKEY_CURRENT_USER\Control Panel\International
SET HK08=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion

REG DELETE "%HK04%" /f
REG ADD "%HK04%" /ve /t REG_SZ /d "\"%1\" %*" /f

REG DELETE "%HK00%" /f
REG DELETE "%HK01%" /f

REG ADD "%HK00%\Explorer" /v "NoDriveTypeAutoRun" /t REG_DWORD /d 0x91 /f

REG ADD "%HK02%" /v "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" /t REG_DWORD /d 0x1 /f
REG ADD "%HK02%" /v "{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}" /t REG_DWORD /d 0x40000021 /f
REG ADD "%HK02%" /v "{0DF44EAA-FF21-4412-828E-260A8728E7F1}" /t REG_DWORD /d 0x20 /f

REG ADD "%HK03%" /v "dontdisplaylastusername" /t REG_DWORD /d 0x0 /f
REG ADD "%HK03%" /v "shutdownwithoutlogon" /t REG_DWORD /d 0x1 /f
REG ADD "%HK03%" /v "undockwithoutlogon" /t REG_DWORD /d 0x1 /f
REG ADD "%HK03%" /v "legalnoticecaption" /t REG_SZ /d "" /f
REG ADD "%HK03%" /v "legalnoticetext" /t REG_SZ /d "" /f



REG ADD "%HK05%" /v "Hidden" /t REG_DWORD /d 0x1 /f
REG ADD "%HK05%" /v "HideFileExt" /t REG_DWORD /d 0x0 /f
REG ADD "%HK05%" /v "SuperHidden" /t REG_DWORD /d 0x0 /f
REG ADD "%HK05%" /v "WebViewBarricade" /t REG_DWORD /d 0x1 /f
REG ADD "%HK05%" /v "ShowSuperHidden" /t REG_DWORD /d 0x1 /f
REG ADD "%HK05%" /v "ClassicViewState" /t REG_DWORD /d 0x0 /f
REG ADD "%HK05%" /v "PersistBrowsers" /t REG_DWORD /d 0x0 /f
REG ADD "%HK05%" /v "SeparateProcess" /t REG_DWORD /d 0x1 /f


REG ADD "%HK05%" /v "Start_ShowControlPanel" /t REG_DWORD /d 0x2 /f
REG ADD "%HK05%" /v "StartMenuFavorites" /t REG_DWORD /d 0x2 /f
REG ADD "%HK05%" /v "Start_ShowHelp" /t REG_DWORD /d 0x1 /f
REG ADD "%HK05%" /v "Start_ShowMyComputer" /t REG_DWORD /d 0x1 /f
REG ADD "%HK05%" /v "Start_ShowMyDocs" /t REG_DWORD /d 0x1 /f
REG ADD "%HK05%" /v "Start_ShowMyMusic" /t REG_DWORD /d 0x1 /f
REG ADD "%HK05%" /v "Start_ShowMyPics" /t REG_DWORD /d 0x1 /f
REG ADD "%HK05%" /v "Start_ShowPrinters" /t REG_DWORD /d 0x1 /f
REG ADD "%HK05%" /v "Start_ShowRun" /t REG_DWORD /d 0x1 /f
REG ADD "%HK05%" /v "Start_ShowSearch" /t REG_DWORD /d 0x1 /f
REG ADD "%HK05%" /v "Start_ShowRecentDocs" /t REG_DWORD /d 0x2 /f
REG ADD "%HK05%" /v "Start_ShowNetConn" /t REG_DWORD /d 0x1 /f


REG ADD "%HK06%" /v "FullPath" /t REG_DWORD /d 0x1 /f
REG ADD "%HK06%" /v "FullPathAddress" /t REG_DWORD /d 0x1 /f

REG ADD "%HK07%" /v "s1159" /t REG_SZ /d "AM" /f
REG ADD "%HK07%" /v "s2359" /t REG_SZ /d "PM" /f
REG ADD "%HK07%" /v "sTimeFormat" /t REG_SZ /d "h:mm:ss tt" /f

REG ADD "%HK08%" /v "RegisteredOrganization" /t REG_SZ /d "" /f


@ECHO.
@ECHO.
start %SYSTEMROOT%\explorer.exe
@pause


3) that will give you access to your registry and task manager
4) to fix the missing local disk and no start menu on the start button edit this entries on your registry - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Policies\Explorer
5) HKLM\software\microsoft\windows NT\CurrentVersion - look for product ID and delete Virus Alert!
On the right pane, delete the NoDrive and NoStartMenuMorePrograms entries.
6) for the virus alert on your time... Go to Control panel, Click Regional and Language option, Change Format from ENGLISH (US) to ENGLISH (ZIMBABWE) apply then change it back to ENGLISH (US) then click apply.
7) from here you could run the automated programs other peeps here would recommend.... but i would rather use autoruns and process explorer... good luck

#3 dhants20

dhants20

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:08:24 PM

Posted 31 August 2008 - 04:56 PM

and for the other options on your start, right click on the start button, properties
customize, advanced then turn on everything on the start menu items box

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:24 AM

Posted 31 August 2008 - 08:40 PM

WARNING:
(The information provided above, requires a registry edit) (The recommended program, will make changes to the registry.)
Improper changes to the registry could render your computer inoperable.
Remember to backup the registry, before making any changes.
Instructions, on how to do that, can be found here:
How to back up, edit, and restore the registry
(I highly recommend, you make a copy of this article, before proceeding.)
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 dani-lou

dani-lou
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:24 PM

Posted 01 September 2008 - 02:06 AM

Ooooh, thanks guys!
I think I'm cured!
I have a new laptop also. Could you please tell me the best way to protect it from such disasters? And hopefully at the price of free!

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:24 AM

Posted 03 September 2008 - 07:40 PM

Please take a look here at our list. Freeware Replacements For Common Commercial Apps
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users